MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b62dc83e91db6431a0937c7b3835dc38cc475c7f9d7c2ecf877d73c2ec9320be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHubStealer

Vendor detections: 7



SHA256 hash: b62dc83e91db6431a0937c7b3835dc38cc475c7f9d7c2ecf877d73c2ec9320be
SHA3-384 hash: bec2b3e9407251bf0a9b56deccfc2c3dfcd2699ca8d25c61d44307fca4d59ad96d88157feecc25181e9d8a9a5186cbc1
SHA1 hash: 23ffaff69a3cd4412b263587df7f10227baea845
MD5 hash: e8c30e962070c325004f80b3c4fc3546
humanhash: king-texas-oscar-oxygen
File name: loader (3).sh
Signature: SHubStealer
File size: 745 bytes
First seen: 2026-05-29 06:23:25 UTC
Last seen: 2026-05-29 06:23:30 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:SCny997dG3BCFr+Bnx8jiFHYfDlKpFeixnLQmT/adGXhG1ugykYP9RcADB73O9y:7QxdGxCFnm1EDlgNjTidGXhGIBFVR98c
TLSH: T1B80199EF343234721F5385E65C1391534D76C33F5BD05DA878E56B3409AE020633022E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: sh SHub-Stealer SHubStealer

Intelligence


File Origin
# of uploads: 2
# of downloads: 52
Origin country: IT

Vendor Threat Intelligence
No detections
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: evasive
Verdict: Malicious
File Type: unix shell
First seen: 2026-05-29T01:00:00Z UTC
Last seen: 2026-05-30T23:06:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.dv not-a-virus:HEUR:Downloader.OSX.Agent.ad
Status: terminated
Threat name: MacOS.Trojan.SuspMalScript
Status: Malicious
First seen: 2026-05-28 23:22:06 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Checks CPU configuration
Looks up external IP address via web service
Malware family: SHubStealer
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments